dependabot[bot] opened a new pull request, #38198:
URL: https://github.com/apache/beam/pull/38198

   Bumps [keras](https://github.com/keras-team/keras) from 3.12.1 to 3.13.2.
   <details>
   <summary>Release notes</summary>
   <p><em>Sourced from <a href="https://github.com/keras-team/keras/releases">keras's releases</a>.</em></p>
   <blockquote>
   <h2>v3.13.2</h2>
   <h2>Security Fixes &amp; Hardening</h2>
   <p>This release introduces critical security hardening for model loading and 
saving, alongside improvements to the JAX backend metadata handling.</p>
   <ul>
   <li>
   <p><strong>Disallow <code>TFSMLayer</code> deserialization in <code>safe_mode</code> (<a href="https://redirect.github.com/keras-team/keras/pull/22035">#22035</a>)</strong></p>
   <ul>
   <li>Previously, <code>TFSMLayer</code> could load external TensorFlow 
SavedModels during deserialization without respecting Keras 
<code>safe_mode</code>. This could allow the execution of attacker-controlled 
graphs during model invocation.</li>
   <li><code>TFSMLayer</code> now enforces <code>safe_mode</code> by default. 
Deserialization via <code>from_config()</code> will raise a 
<code>ValueError</code> unless <code>safe_mode=False</code> is explicitly 
passed or <code>keras.config.enable_unsafe_deserialization()</code> is 
called.</li>
   </ul>
   </li>
   <li>
   <p><strong>Fix Denial of Service (DoS) in <code>KerasFileEditor</code> (<a href="https://redirect.github.com/keras-team/keras/pull/21880">#21880</a>)</strong></p>
   <ul>
   <li>Introduces validation for HDF5 dataset metadata to prevent &quot;shape 
bomb&quot; attacks.</li>
   <li>Hardens the <code>.keras</code> file editor against malicious metadata 
that could cause dimension overflows or unbounded memory allocation (unbounded 
numpy allocation of multi-gigabyte tensors).</li>
   </ul>
   </li>
   <li>
   <p><strong>Block External Links in HDF5 files (<a href="https://redirect.github.com/keras-team/keras/pull/22057">#22057</a>)</strong></p>
   <ul>
   <li>Keras now explicitly disallows external links within HDF5 files during 
loading. This prevents potential security risks where a weight file could point 
to external system datasets.</li>
   <li>Includes improved verification for H5 Groups and Datasets to ensure they 
are local and valid.</li>
   </ul>
   </li>
   </ul>
   <h2>Backend-specific Improvements (JAX)</h2>
   <ul>
   <li><strong>Set <code>mutable=True</code> by default in <code>nnx_metadata</code> (<a href="https://redirect.github.com/keras-team/keras/pull/22074">#22074</a>)</strong>
   <ul>
   <li>Updated the JAX backend logic to ensure that variables are treated as 
mutable by default in <code>nnx_metadata</code>.</li>
   <li>This makes Keras 3.13.2 compatible with Flax 0.12.3 when the Keras NNX 
integration is enabled.</li>
   </ul>
   </li>
   </ul>
   <h2>Saving &amp; Serialization</h2>
   <ul>
   <li><strong>Improved H5IOStore Integrity (<a href="https://redirect.github.com/keras-team/keras/pull/22057">#22057</a>)</strong>
   <ul>
   <li>Refactored <code>H5IOStore</code> and <code>ShardedH5IOStore</code> to 
remove unused, unverified methods.</li>
   <li>Fixed key-ordering logic in sharded HDF5 stores to ensure consistent 
state loading across different environments.</li>
   </ul>
   </li>
   </ul>
   <hr />
   <h3>Contributors</h3>
   <p>We would like to thank the following contributors for their security 
reports and code improvements:
   <a href="https://github.com/0xManan"><code>@0xManan</code></a>, <a href="https://github.com/HyperPS"><code>@HyperPS</code></a>, <a href="https://github.com/hertschuh"><code>@hertschuh</code></a>, and <a href="https://github.com/divyashreepathihalli"><code>@divyashreepathihalli</code></a>.</p>
   <p><strong>Full Changelog</strong>: <a href="https://github.com/keras-team/keras/compare/v3.13.1...v3.13.2">https://github.com/keras-team/keras/compare/v3.13.1...v3.13.2</a></p>
   <h2>v3.13.1</h2>
   <h3>Bug Fixes &amp; Improvements</h3>
   <ul>
   <li><strong>General</strong>
   <ul>
   <li>Removed a persistent warning triggered during <code>import keras</code> when using NumPy 2.0 or higher. (<a href="https://redirect.github.com/keras-team/keras/issues/21949">#21949</a>)</li>
   </ul>
   </li>
   <li><strong>Backends</strong>
   <ul>
   <li><strong>JAX:</strong> Fixed an issue where CUDNN flash attention was broken when using JAX versions greater than 0.6.2. (<a href="https://redirect.github.com/keras-team/keras/issues/21970">#21970</a>)</li>
   </ul>
   </li>
   <li><strong>Export &amp; Serialization</strong>
   <ul>
   <li>Resolved a regression in the export pipeline that incorrectly forced batch sizes to be dynamic. The export process now correctly respects static batch sizes when defined. (<a href="https://redirect.github.com/keras-team/keras/issues/21944">#21944</a>)</li>
   </ul>
   </li>
   </ul>
   <p><strong>Full Changelog</strong>: <a href="https://github.com/keras-team/keras/compare/v3.13.0...v3.13.1">https://github.com/keras-team/keras/compare/v3.13.0...v3.13.1</a></p>
   <!-- raw HTML omitted -->
   </blockquote>
   <p>... (truncated)</p>
   </details>
   <details>
   <summary>Commits</summary>
   <ul>
   <li><a href="https://github.com/keras-team/keras/commit/e29d0efbefe21b80c041849bd73cc3e54c872de3"><code>e29d0ef</code></a> Version bump and cherry picks for 3.13.2 (<a href="https://redirect.github.com/keras-team/keras/issues/22080">#22080</a>)</li>
   <li><a href="https://github.com/keras-team/keras/commit/8914427b7fa9d90f3c476cb2ee65d55d4f808e65"><code>8914427</code></a> Patch release commits for 3.13.1 (<a href="https://redirect.github.com/keras-team/keras/issues/22005">#22005</a>)</li>
   <li><a href="https://github.com/keras-team/keras/commit/986ff971d98e216a89fba38d48a337ed09d6dc44"><code>986ff97</code></a> Update release version and comment orbax checkpoint (<a href="https://redirect.github.com/keras-team/keras/issues/21934">#21934</a>)</li>
   <li><a href="https://github.com/keras-team/keras/commit/ca23fceb51f7de40dba51908a0a5297f1f425651"><code>ca23fce</code></a> Refactors AbsMaxQuantizer to accept axis in <strong>call</strong> (<a href="https://redirect.github.com/keras-team/keras/issues/21931">#21931</a>)</li>
   <li><a href="https://github.com/keras-team/keras/commit/1a9893f04e081ba7f233f59b0669bbde2d83143f"><code>1a9893f</code></a> Adds Serialization Support for QuantizationConfig based quantized models (<a href="https://redirect.github.com/keras-team/keras/issues/21">#21</a>...</li>
   <li><a href="https://github.com/keras-team/keras/commit/86bfab4375d17ed41e56dc25ab1fdb6e324377a8"><code>86bfab4</code></a> More OpenVINO Numpy Operations (<a href="https://redirect.github.com/keras-team/keras/issues/21925">#21925</a>)</li>
   <li><a href="https://github.com/keras-team/keras/commit/f48f4805fd462893f68e5f6cc632d320d4198a52"><code>f48f480</code></a> Add adaptive pooling (1D, 2D, 3D) support across JAX, NumPy, TensorFlow, and ...</li>
   <li><a href="https://github.com/keras-team/keras/commit/0771c8044a5c183e3cd8c1c4e8756a607579d4a0"><code>0771c80</code></a> Fix ops.tile shape inference issue on TensorFlow backend (<a href="https://redirect.github.com/keras-team/keras/issues/21860">#21860</a>)</li>
   <li><a href="https://github.com/keras-team/keras/commit/024c96db1705f2d4fc0c03fde9158e33554b5304"><code>024c96d</code></a> Extended fix OOM Issue <a href="https://redirect.github.com/keras-team/keras/issues/21634">#21634</a> on Keras side (<a href="https://redirect.github.com/keras-team/keras/issues/21755">#21755</a>)</li>
   <li><a href="https://github.com/keras-team/keras/commit/71f499735f543871d296474c48f56a2e9758a73c"><code>71f4997</code></a> Introduces QuantizationConfig for fine-grained quantization control (<a href="https://redirect.github.com/keras-team/keras/issues/21896">#21896</a>)</li>
   <li>Additional commits viewable in <a href="https://github.com/keras-team/keras/compare/v3.12.1...v3.13.2">compare view</a></li>
   </ul>
   </details>
   <br />
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=keras&package-manager=pip&previous-version=3.12.1&new-version=3.13.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   <details>
   <summary>Dependabot commands and options</summary>
   <br />
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot show <dependency name> ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   You can disable automated security fix PRs for this repo from the [Security 
Alerts page](https://github.com/apache/beam/network/alerts).
   
   </details>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
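As an added example (not Keras's own code and not part of this PR), the following Python mirrors two of the hardening patterns the release notes above describe, on constructed inputs: a `safe_mode` gate in `from_config()` that refuses a layer class whose config points at an external executable artifact unless the caller opts out explicitly (the pattern applied to `TFSMLayer` in #22035), and validation of dataset `(shape, dtype)` metadata before anything is allocated, so a "shape bomb" is rejected instead of triggering an unbounded or overflowing allocation (the pattern behind #21880). The names `ExternalGraphLayer`, `enable_unsafe_deserialization()`, `LAYER_REGISTRY`, the size limits and the sample configs are all assumptions made for this example, not Keras APIs.

```python
import math

# --- 1. safe_mode gate on config-driven deserialization --------------------

# Process-wide opt-out, modelled on keras.config.enable_unsafe_deserialization()
# (this flag and helper are constructed for the example).
_UNSAFE_DESERIALIZATION = False


def enable_unsafe_deserialization():
    """Opt out of safe_mode for the whole process (hypothetical helper)."""
    global _UNSAFE_DESERIALIZATION
    _UNSAFE_DESERIALIZATION = True


class Dense:
    """Data-only layer: its config carries numbers, so it is safe to build."""

    def __init__(self, units):
        self.units = units

    @classmethod
    def from_config(cls, config, safe_mode=True):
        return cls(units=int(config["units"]))


class ExternalGraphLayer:
    """Hypothetical stand-in for TFSMLayer: its config names an on-disk
    artifact that would be loaded and executed at call time, so building it
    from an untrusted config is refused while safe_mode is in force."""

    def __init__(self, filepath):
        self.filepath = filepath

    @classmethod
    def from_config(cls, config, safe_mode=True):
        if safe_mode and not _UNSAFE_DESERIALIZATION:
            raise ValueError(
                "ExternalGraphLayer cannot be deserialized in safe_mode; pass "
                "safe_mode=False or call enable_unsafe_deserialization() only "
                "for files whose origin you trust."
            )
        return cls(filepath=str(config["filepath"]))


LAYER_REGISTRY = {"Dense": Dense, "ExternalGraphLayer": ExternalGraphLayer}


def deserialize_layer(serialized, safe_mode=True):
    """Build a layer from a {'class_name', 'config'} dict; safe_mode is the
    default and the caller must opt out explicitly per call or per process."""
    cls = LAYER_REGISTRY.get(serialized.get("class_name"))
    if cls is None:
        raise ValueError(f"unknown layer class {serialized.get('class_name')!r}")
    return cls.from_config(serialized.get("config", {}), safe_mode=safe_mode)


# --- 2. metadata validation before allocation ("shape bomb" check) ----------

DTYPE_ITEMSIZE = {"int8": 1, "float16": 2, "int32": 4, "float32": 4, "float64": 8}
MAX_RANK = 32                     # constructed bound on number of dimensions
MAX_DATASET_BYTES = 2 * 1024 ** 3  # constructed bound: 2 GiB per dataset


def validate_dataset_metadata(shape, dtype, max_bytes=MAX_DATASET_BYTES):
    """Return the byte size a (shape, dtype) pair would allocate, or raise
    ValueError if the metadata is malformed or too large. The element count is
    multiplied out in Python's arbitrary-precision ints, so a shape whose
    product would wrap a 64-bit size_t is caught rather than wrapping to a
    small, plausible-looking number."""
    if dtype not in DTYPE_ITEMSIZE:
        raise ValueError(f"unsupported dtype {dtype!r}")
    if not isinstance(shape, (list, tuple)) or len(shape) > MAX_RANK:
        raise ValueError("shape must be a list/tuple of at most MAX_RANK dims")
    for dim in shape:
        if isinstance(dim, bool) or not isinstance(dim, int) or dim < 0:
            raise ValueError(f"invalid dimension {dim!r}")
    nbytes = math.prod(shape) * DTYPE_ITEMSIZE[dtype]  # prod(()) == 1: scalar
    if nbytes > max_bytes:
        raise ValueError(f"dataset of {nbytes} bytes exceeds limit {max_bytes}")
    return nbytes


def check_metadata(shape, dtype):
    """Report ('ok', nbytes) or ('rejected', reason) without raising."""
    try:
        return ("ok", validate_dataset_metadata(shape, dtype))
    except ValueError as exc:
        return ("rejected", str(exc))


def run_demo():
    """Exercise both checks on constructed inputs; returns outcomes by label."""
    results = {}
    results["dense"] = deserialize_layer({"class_name": "Dense", "config": {"units": 8}}).units
    untrusted = {"class_name": "ExternalGraphLayer", "config": {"filepath": "/tmp/model_dir"}}
    try:
        deserialize_layer(untrusted)               # default safe_mode=True
        results["external_safe"] = "loaded"
    except ValueError:
        results["external_safe"] = "refused"
    results["external_optout"] = deserialize_layer(untrusted, safe_mode=False).filepath
    results["normal_shape"] = check_metadata((1024, 1024), "float32")[0]
    results["shape_bomb"] = check_metadata((2 ** 40, 2 ** 40, 2 ** 40), "float32")[0]
    results["negative_dim"] = check_metadata((-1, 16), "float32")[0]
    return results


if __name__ == "__main__":
    for label, outcome in run_demo().items():
        print(f"{label}: {outcome}")
```

The order of operations in `validate_dataset_metadata` is the point: the shape is checked for type, rank and sign, and the byte count is computed and bounded, before any array library is asked to allocate. For real HDF5 weight files the analogous link check is `group.get(name, getlink=True)`, which returns an `h5py.ExternalLink` when an entry resolves into another file; it is left out here because it needs h5py and a file on disk.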
